Description
The database query construction uses string concatenation with user-provided input, which creates a SQL injection vulnerability. If userInput contains malicious SQL, it could be executed as part of the query. This could lead to unauthorized data access, modification, or deletion.
Severity: critical
File: plugins/database-plugin.ts
Expected Behavior
User-provided input should be handled properly when the query is constructed, to prevent runtime errors or degraded reliability.
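The concatenation pattern from the description beside a parameterized form, with a small check showing that only the concatenated query changes shape with the input. This is an added example, not code from plugins/database-plugin.ts. The `users` table, its columns, the function names and the `$1` placeholder style (PostgreSQL drivers use it) are assumptions; only `userInput` comes from the report.

```typescript
// Added example; every name except userInput is hypothetical.
interface ParamQuery { text: string; values: string[] }

// Pattern described in the finding: the input becomes part of the SQL text.
function buildConcatenated(userInput: string): string {
  return "SELECT id, name FROM users WHERE name = '" + userInput + "'";
}

// Parameterized form: the SQL text is constant and the input travels
// separately, so the driver never parses it as SQL.
function buildParameterized(userInput: string): ParamQuery {
  return { text: "SELECT id, name FROM users WHERE name = $1", values: [userInput] };
}

// Reduce a statement to its shape by replacing each single-quoted
// literal with "?". A doubled quote ('') inside a literal is an escape.
function sqlSkeleton(sql: string): string {
  let out = "";
  let i = 0;
  while (i < sql.length) {
    if (sql[i] !== "'") { out += sql[i]; i++; continue; }
    i++; // skip the opening quote
    while (i < sql.length) {
      if (sql[i] === "'" && sql[i + 1] === "'") { i += 2; continue; }
      if (sql[i] === "'") { i++; break; } // closing quote
      i++;
    }
    out += "?";
  }
  return out;
}

// True when the input altered the statement's structure, not just a value.
function shapeChanged(userInput: string): boolean {
  const baseline = sqlSkeleton(buildConcatenated("a"));
  return sqlSkeleton(buildConcatenated(userInput)) !== baseline;
}

// Constructed sample inputs: a plain name, a legitimate name containing
// an apostrophe, and a value that closes the literal and adds a condition.
for (const input of ["alice", "O'Brien", "x' OR '1'='1"]) {
  console.log(JSON.stringify(input), "concatenated shape changed:", shapeChanged(input),
    "| parameterized text:", buildParameterized(input).text);
}
```

The `O'Brien` case shows that concatenation also breaks on ordinary input, which is where the runtime errors come from; identifiers such as table or column names cannot be bound as parameters and need an allow-list instead.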